﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Text;
namespace Vehicle.Web
{
    /// <summary>
    /// Copyright (C) M-Tear团队
    /// 文 件 名：Global.asax
    /// 版    本：v1.00.0000
    /// 创建标识：2009-08-29    Created by 杨光远 V1.00.0000
    /// 功能说明：全局方法,主要进行安全过滤
    /// 注意事项：无
    /// 
    /// 更新记录：
    /// 
    /// </summary>
    public class Global : System.Web.HttpApplication
    {

        /// <summary>
        /// 当有数据时交时，触发事件 
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        protected void Application_BeginRequest(Object sender, EventArgs e)
        {
            //遍历Post参数，隐藏域除外 
            foreach (string i in this.Request.Form)
            {
                if (i == "__VIEWSTATE") continue;
                this.goErr(this.Request.Form[i].ToString());
            }
            //遍历Get参数。 
            foreach (string i in this.Request.QueryString)
            {
                this.goErr(this.Request.QueryString[i].ToString());

            }
        }

        /// <summary> 
        ///SQL注入过滤 
        /// </summary> 
        /// <param name="InText">要过滤的字符串 </param> 
        /// <returns>如果参数存在不安全字符，则返回true </returns> 
        public bool SqlFilter(string InText)
        {
            string word = "and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join|cmd";
            if (InText == null)
                return false;
            foreach (string i in word.Split('|'))
            {
                if ((InText.ToLower().IndexOf(i + " ") > -1) || (InText.ToLower().IndexOf(" " + i) > -1))
                {
                    return true;
                }
            }
            return false;
        }

        /// <summary> 
        /// 校验参数是否存在SQL字符,如果有则提示并返回
        /// </summary> 
        /// <param name="tm">要检验的参数值 </param> 
        private void goErr(string tm)
        {
            if (SqlFilter(tm))
            {
                Response.Write(" <script>window.alert('您输入的数据存在有误参数!');history.back();" + " </" + "script>");
            }
        }
        /// <summary>
        /// 程序出错设计
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        protected void Application_Error(object sender, EventArgs e)  
        { 
            Exception objErr = Server.GetLastError().GetBaseException();
            StringBuilder err = new StringBuilder();
            err.Append("<div style=\"border-color:Blue;\" align=\"center\" >");
            err.Append("<br>");
            err.Append("<table cellSpacing=\"0\" cellPadding=\"2\" border=\"0\">");
            err.Append("<tr><td><img src=\"../../../../Images/Error.gif\" /></td>");
            err.Append("<td valign=\"top\">");
            err.Append("<table><tr><td style=\"color:Red;\" ><h4>系统发生错误</h4></font></td></tr>");
            err.Append("<tr><td ><h5>1:错误页面:" + Request.Url.ToString() + "</h5></font></td></tr>");
            err.Append("<tr><td ><h5>2:错误信息:" + objErr.Message.ToString() + "</h5></font></td></tr>");
            err.Append( "</table></td></tr></table>");
            err.Append("</div>");
            HttpContext.Current.Response.Write(err);
            Server.ClearError();  
        }  
    }
}